Going “eye to eye” with network security threats

One of the ironies of our increasingly technology-dependent society is that you need an ever increasing amount of technology to address the failings or risks of the technology itself. For example, improvements in LASIK surgery that reduce the risk of damage to the eye and increase the chance of a successful outcome, are based on more complex systems that integrate scanning, modeling, analysis, simulation and control systems.

You would not be likely to elect eye surgery without these state-of-the-art safeguards. Risk reduction is high on everyone’s list when personal health and safety are involved. While it may be necessary to plan a “real-time” response to an unexpected corneal hemorrhage, the key is to take all precautions to prevent these risks from occurring in the first place. Real time just isn’t fast enough.

Businesses today face a high-stakes challenge affecting the health of their business – protecting their IT network from security and operational risks. An infiltration or data breach can cause far-reaching, very expensive damage. Yet the leading security mantra over the past few years has been “real time response”.

Sometimes people confuse “real-time response” with “risk reduction”. The two couldn’t be further apart. Real-time response is about reaction time and damage control, but does little to eliminate a potential risk. Risk reduction is about systematically finding, prioritizing, and mitigating risks before they become problems.

Reducing risks in an enterprise network requires implementing technologies that assess, anticipate, prioritize, and provide the necessary information about the network and potential cyber threats to mitigate the risk before an attack or breach. To be effective, these IT tools require scanning, modeling, analysis, simulation, and control technologies – just like the technologies that make LASIK so much safer.

There are three key steps that must be taken in order for organizations to stay ahead of risk rather than playing catch-up after a security gap has been exposed or exploited.

Gain situational awareness
The first challenge in rolling out proactive security is to get a good view of the network environment – some call this “situational awareness’ You can’t x-ray the data center to generate a network map. To see invisible network devices and connections, you have to be able to collect a lot of network information and assemble it into a model of the network.

One of our customers, a UK financial institution, was going through a large merger with another bank, and needed to see the current state of their networks and reduce the chance of disruptions to business services caused by the integration of two different networks. Using Skybox solutions to collect data they were able to automatically create a detailed model of two 100,000+ IP node networks. What were they able to see? The network x-ray – showing devices, assets, configuration data, access paths, security policies.

Simulate the worst
Once you have a true model of the network, it’s critical to run “what if” scenarios to see how your network would respond to threats — without wreaking havoc on the live network. Attack simulation requires a knowledge of potential types of attacks, an understanding of network topology and configuration, and the ability to run complicated simulations. What firewall changes will lead to intrusion? Is there an exposed attack path that allows access to your financial systems – and how can you prevent a data breach?

Solutions that provide “what if’ capabilities allow you to model the effects of known or unknown threats, and rank those threats based on the damage potential. Frequent use of “what-if’ analysis is far better than “what happened’ analysis. With an advance look at your network defenses, IT security managers can craft effective network security plans, validate major network changes, and make smart security fixes in advance. It’s preventive medicine for your network.

Automate to reduce risks
Skilled IT personnel are fighting a losing battle as cyber threats appear more frequently and are more sophisticated in their ever-more complex networks. In the McAfee Threats Report for Third Quarter 2010, McAfee reports identifying an average of 60,000 malware signature detections per day in 2010, compared to 29,000 per day in 2008. According to the 2010 Verizon Data Breach report, customized malware was implicated in over 50% of breaches in 2008 and 2009, double the numbers of the two years before.

To win in this environment, IT teams must check the network topology regularly, find security gaps, assess new threats and act before it’s too late. Then repeat as often as necessary. Automation of security tasks is necessary to enable constant vigilance and fast mitigation of recognized risks. Security management tools that contain full task scheduling capabilities to automate data gathering, analysis, and link to remediation processes are the most effective at maintaining a risk-reduction trend.

Just as you would never think of having eye surgery with outdated, error-prone tools, savvy IT security managers would never think of facing the new world of complex cyber threats without the right tools. And those tools are proactive, not reactive. They are used frequently, not occasionally. They simulate an attacker’s viewpoint. Most importantly, they arm the IT staff with the ability to understand the entire network landscape in all its detail, providing the necessary acuity to reduce risk and keep complex networks safe and secure.

More about

Don't miss